Multiple vulnerabilities in Microsoft Windows Resilient File System (ReFS) Deduplication Service
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2025-21183 CVE-2025-21182 |
| CWE-ID | CWE-415 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Double free
EUVDB-ID: #VU103778
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21183
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error in Windows Resilient File System (ReFS) Deduplication Service. A local attacker can win a race condition, trigger double free error and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: 2016 10.0.14393.10 - 2025 10.0.26100.2894
CPE2.3- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2894:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Double free
EUVDB-ID: #VU103779
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21182
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error in Windows Resilient File System (ReFS) Deduplication Service. A local attacker can win a race condition, trigger double free error and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: 2016 10.0.14393.10 - 2025 10.0.26100.2894
CPE2.3https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21182
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
